hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 08:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Parameters annotated with Spring's @RequestBody and @PathVariable are remote input sources.

Browse Source
This commit is contained in:
Sebastian Bauersfeld
2019-04-17 18:02:00 -04:00
parent c674f54129
commit 2f200d7517
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/src/semmle/code/java/frameworks/SpringWeb.qll
View File

@@ -11,7 +11,9 @@ class SpringServletInputAnnotation extends Annotation {
a.hasName("RequestParam") or
a.hasName("RequestHeader") or
a.hasName("CookieValue") or
a.hasName("RequestPart")
a.hasName("RequestPart") or
a.hasName("PathVariable") or
a.hasName("RequestBody")
)
}
}